Every security-savvy professional lives with the daily fear of the "never expiring password" being exposed. It's the unspoken taboo, the wide open back door in every corporate network. But no-one ever acknowledges it or discusses it. All applications have got pre-defined passwords that never change. Which means developers, privileged users and hosting third-party service providers will all have access to these passwords.

I have no doubt that the problem of "never changing passwords" is a genuine concern, but I have difficulty believing that there are really that many applications with *hard coded* passwords. Can it really be the case that "It is virtually certain that there is not a single business critical application in your company that isn't wide open"?

It's also not clear to me how digital vaulting can eliminate the problem, without all of those badly written applications having to be re-implemented at the very least.